DNS forwarding not working properly?
Jonathan Petersson
jpetersson at garnser.se
Thu Mar 26 15:32:57 UTC 2009
You need to enable recursion in options.
/Jonathan
2009/3/26 ARMSTRONG, KENNETH <KARMSTRONG at botetourtva.us>:
> OK, I've been trying my hardest to figure this out.
>
> I have BIND9 installed and set up as a slave to one of our Domain
> Controllers (so we can at least still get DNS if it were to go down). It
> works fine for transferring the zone file of our domain down, and from the
> server running BIND I can resolve hostnames of our local network machines
> along with outside names such as google.com (using nslookup, yeah I know it
> sucks).
>
> However, when I set up one of my Windows XP clients to use the new server
> for DNS, it can resolve local machine names fine when I run nslookup against
> it, but it gives me "Query refused" when trying to resolve an outside DNS
> name.
>
> I ran nslookup against the ISP's DNS IPs and can resolve the outside
> hostnames just fine, but for some reason I can't resolve them against the
> new DNS server.
>
> I have not made any modifications to /etc/bind/named.conf. Instead, I have
> put my configurations in /etc/bind/named.conf.local (since that is what the
> named.conf file says to do).
>
> Here is my /etc/bind/named.conf.local file (protected of course):
>
> Code:
>
> zone "OURDOMAIN.COM" {
>     type slave;
>     masters {
>         192.168.1.22;
>         192.168.1.23;
>     };
>     file "OURDOMAIN.COM.db";
>     allow-transfer {
>         any;
>     };
>     allow-query {
>         any;
>     };
> };
>
> zone "192.168.in-addr.arpa" {
>     type slave;
>     masters {
>         192.168.1.22;
>         192.168.1.23;
>     };
>     file "192.168.in-addr.arpa.db";
>     allow-transfer {
>         any;
>     };
>     allow-query {
>         any;
>     };
> };
>
> And my /etc/bind/named.conf.options:
>
> Code:
>
> options {
>     directory "/var/cache/bind";
>
>     forwarders {
>         216.12.0.20;
>         216.12.48.23;
>     };
>
>     auth-nxdomain no;
>     listen-on-v6 { any; };
> };
>
> Again, this only seems to affect outside clients, I can run queries on
> nslookup just fine on the DNS server itself.
>
> Any help would be greatly appreciated.
>
>
>
> Kenny
>
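
An added example, not part of the thread and not the posters' own configuration: one way to apply the reply's advice while keeping recursion limited to internal clients, so the server does not become an open resolver. The ACL name `internal` and the 192.168.0.0/16 range are assumptions inferred from the reverse zone in the post; the forwarders and masters are the ones from the original files.

```conf
// ---- /etc/bind/named.conf.options ----
// Constructed example: clients allowed to use this server as a resolver.
// The name "internal" and the 192.168.0.0/16 range are assumptions.
acl internal {
    localhost;
    192.168.0.0/16;
};

options {
    directory "/var/cache/bind";

    // Resolve names outside the local zones on behalf of clients ...
    recursion yes;
    // ... but only for the internal ACL; other sources still get REFUSED.
    allow-recursion { internal; };
    // BIND 9.4 and later: answers served from the cache have their own ACL.
    allow-query-cache { internal; };

    forwarders {
        216.12.0.20;
        216.12.48.23;
    };

    auth-nxdomain no;
    listen-on-v6 { any; };
};

// ---- /etc/bind/named.conf.local (one zone shown) ----
zone "OURDOMAIN.COM" {
    type slave;
    masters {
        192.168.1.22;
        192.168.1.23;
    };
    file "OURDOMAIN.COM.db";

    // "allow-transfer { any; };" lets any host pull the whole internal zone.
    // A slave that feeds no other servers does not need to offer transfers.
    allow-transfer { none; };
    allow-query { internal; };
};
```

Running `named-checkconf` before reloading named catches syntax errors in the edited files.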